The infamous banking trojan Dyreza has grown yet another head, according to cyber-security firm, Heimdall, named for the gold-toothed god of norse mythology.
The new feature of this pernicious strain of malware includes support for Windows 10, so today's professional cyber-criminal can stay up to date with the developments of their prey as well as the ability to latch on, remora-like, to Microsoft Edge, Window's 10's replacement for the much-maligned internet explorer.
Heimdall also noted that this new version of Dyreza “kills a series of processes linked to endpoint security software, in order to make its infiltration in the system faster and more effective”
Nearly 100,000 machines have apparently caught a bad case of Dyreza worldwide and Dyreza strains have been developed for just about every kind of Windows operating system in recent memory including Windows 7 through 10 as well as Winserver 2003 and Vista.
Occasionally known as Dyre, this particular trojan digs itself right into users' browser. From there, it directs users to modified versions of otherwise legitimate webpages. If Dyreza is installed on your computer, it might steal your online banking details as you log into what you think is your normal online banking webpage.
It commonly spreads itself in large swathes of phishing emails sent out to the unsuspecting. This tactic is known as spray and pray, named for the kind of automatic weapons that can spit a lot of bullets but rarely hit their target.
But once Dyreza does hit it's target, it collects users data and becomes part of a botnet, allowing the attacker to receive the critical information from many users….
With the rise of Crime as a Service, Dyreza can be administered to the unwitting without any great expertise and for relatively low cost.
There is profit here on both ends of the sale, with one making money off the credentials stolen with Dyreza and the other making money from authoring such malware without getting their hands too dirty.
The research also notes that this new strain arrives just in time for the holidays, with Christmas, Thanksgiving and more importantly, Black Friday, the post-thanksgiving day of rabid outlet raiding, just around the corner: “so financial malware will be set to collect a huge amount of financial data. Users will be busy, prone to multitasking and likely to choose convenience over safety online”.